Weekly Vulnerability Recap 3/11/24: JetBrains & Atlassian Issues

This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues.
JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up in the same products.
The problem: Two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199, allow unauthenticated attackers to exploit JetBrains TeamCity servers.
These are different JetBrains vulnerabilities than the ones mentioned in past recaps.
Potential exploits of the new vulnerabilities can include remote code execution on TeamCity servers.
JetBrains released a detailed blog post explaining the specific timeline of discovering the vulnerabilities, the conflict with Rapid7, and JetBrains' stance on releasing vulnerability information.
Its position is that immediately releasing vulnerability data to the public allows threat actors to exploit the issues before customers have sufficient time to patch them.
Because of these differences, JetBrains decided not to coordinate with Rapid7 in disclosing the vulnerability information.
According to JetBrains' blog post, the new version and the related security patch plug-in solves both authentication bypass vulnerabilities.
Type of vulnerability: Multiple issues, including kernel security bypass vulnerabilities.
If your business doesn't have a good method of quickly finding vulnerabilities, consider investing in a vulnerability scanning product specifically designed for websites, applications, or DevOps use cases.
Type of vulnerability: Use-after-free vulnerability potentially leading to code execution.
The problem: CVE-2024-22252, a use-after-free vulnerability, could allow a threat actor to execute code using admin privileges on a VMware virtual machine.
According to the National Instutite of Standards and Technology, the exploitation is contained within the VMX sandbox in ESXi, but in Workstation and Fusion, the vulnerability could lead to code execution on machines where the products are installed.
Type of vulnerability: Carriage return line feed injection attack by an unauthenticated remote attacker.
The problem: Cisco's Secure Client software has a vulnerability, CVE-2024-20337, that allows an attacker to complete a carriage return line feed injection attack.
According to Cisco, after exploiting the Secure Client vulnerability, an attacker could execute arbitrary code or access sensitive data in the browser, like valid SAML tokens.
Type of vulnerability: Potential authentication bypass.
The problem: CVE-2023-22527, a remote code execution vulnerability in outdated versions of Atlassian Confluence Data Center and Confluence Server, is currently being actively exploited.
Atlassian disclosed the vulnerability in January, but threat actors continue to capitalize on the issue: VulnCheck recently published a blog post and noted that the vulnerability has at least 30 unique exploits, as of March 8.


This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 11 Mar 2024 21:13:07 +0000


Cyber News related to Weekly Vulnerability Recap 3/11/24: JetBrains & Atlassian Issues

Weekly Vulnerability Recap 3/11/24: JetBrains & Atlassian Issues - This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up ...
9 months ago Esecurityplanet.com
JetBrains, Rapid7 clash over vulnerability disclosure policies - A dispute between software maker JetBrains and security vendor Rapid7 has highlighted ongoing concerns with coordinated vulnerability disclosure policies and practices. On March 4, JetBrains disclosed two critical vulnerabilities tracked as ...
9 months ago Techtarget.com
Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
1 year ago Packetstormsecurity.com
Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
1 year ago Bleepingcomputer.com
Threat Groups Rush to Exploit JetBrains' TeamCity CI/CD Security Flaws - The cyberthreats to users of JetBrains' TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that included exploiting the flaws for ...
9 months ago Securityboulevard.com
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks - Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as ...
1 year ago Bleepingcomputer.com
JetBrains vulnerability exploitation highlights debate over 'silent patching' - Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities. In a blog post published Monday, JetBrains attributed the compromise of several customers' servers ...
9 months ago Therecord.media
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
11 months ago Bleepingcomputer.com
Weekly Vulnerability Recap 2/12/24: Continued Ivanti, JetBrains Issues - This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can ...
10 months ago Esecurityplanet.com
Atlassian Patches RCE Flaw that Affected Multiple Products - Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in multiple products. The CVEs for these vulnerabilities have been assigned as CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471. ...
1 year ago Gbhackers.com
CVE-2022-26136 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This ...
2 months ago
CVE-2022-26137 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security ...
2 months ago
Attacks begin on critical Atlassian Confluence vulnerability - Multiple cybersecurity organizations have observed exploitation attempts against a critical Atlassian Confluence vulnerability that was disclosed and patched last week. In a security advisory published on Jan. 16, Atlassian detailed a remote code ...
10 months ago Techtarget.com
Atlassian Patches Critical Remote Code Execution Vulnerabilities - Business software maker Atlassian this week announced updates that address critical-severity remote code execution vulnerabilities in Confluence and other products. Atlassian, which rates the vulnerability with a CVSS score of 9.0, notes that an ...
1 year ago Securityweek.com
Atlassian Confluence Server RCE attacks underway The Register - More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver. Atlassian ...
10 months ago Go.theregister.com
Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps - It's time to patch again: Four critical security vulnerabilities in Atlassian software open the door to remote code execution and subsequent lateral movement within enterprise environments. They are just the latest bugs to surface of late in the ...
1 year ago Darkreading.com
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
1 year ago Bleepingcomputer.com
Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
1 year ago Packetstormsecurity.com
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers - Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a ...
1 year ago Thehackernews.com
Weekly Blog Wrap-Up - Welcome to the TuxCare Weekly Blog Wrap-Up - your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the ...
11 months ago Securityboulevard.com
Fixing a Major Security Issue in Jira Service Management Server and Data Center - This week, a major security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This vulnerability could have allowed attackers to impersonate users and gain access to access tokens. ...
1 year ago Csoonline.com
Recent TeamCity Vulnerability Exploited in Ransomware Attacks - A TeamCity vulnerability disclosed recently in controversial circumstances is being exploited in ransomware attacks, according to the product's developer and cybersecurity companies. On March 4, JetBrains, the developer of the TeamCity build ...
9 months ago Securityweek.com
JetBrains fingers Rapid7 for customer ransomware attacks The Register - Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching. The software developer published its side of the story at the time, but ...
9 months ago Go.theregister.com
Weekly Blog Wrap-Up - Welcome to the TuxCare Weekly Blog Wrap-Up - your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the ...
10 months ago Securityboulevard.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)